SELinux policy
Configures the SELinux policy; the machine must be rebooted.
Options (= is mandatory):
conf
Path to the SELinux configuration file, if it is not in the standard location
[Default: /etc/selinux/config]
policy
Name of the SELinux policy to use when the state is not `disabled' (example: `targeted')
[Default: None]
= state
The SELinux mode
(Choices: enforcing, permissive, disabled)
[Default: None]
Notes: Not fully tested on Debian-based machines
Requirements: libselinux-python
Examples:
- selinux: policy=targeted state=enforcing
- selinux: policy=targeted state=permissive
- selinux: state=disabled
[root@www ~]# ansible all -m selinux -a 'state=disabled'
192.168.179.99 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "configfile": "/etc/selinux/config",
    "msg": "",
    "policy": "targeted",
    "reboot_required": false,
    "state": "disabled"
}

[root@www ~]# ansible all -m selinux -a 'policy=targeted state=permissive'
[WARNING]: Reboot is required to set SELinux state to 'permissive'
192.168.179.99 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "configfile": "/etc/selinux/config",
    "msg": "Config SELinux state changed from 'disabled' to 'permissive'",
    "policy": "targeted",
    "reboot_required": true,
    "state": "permissive"
}
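
Added example (not part of the original page or of the Ansible project): a playbook that sets enforcing mode, reboots only when the module returns reboot_required as true, as in the output above, and then checks the running mode with getenforce. The play layout, the registered variable names and the reboot timeout are assumptions.

```yaml
# Added example, not from the original page.
# Assumptions: the "all" host group from the ad-hoc commands above,
# privilege escalation via become, and a 1800-second reboot timeout.
- hosts: all
  become: true
  tasks:
    - name: Set SELinux to enforcing with the targeted policy
      selinux:
        policy: targeted
        state: enforcing
      register: selinux_result        # hypothetical variable name

    # The module edits the config file; reboot_required says whether the
    # running kernel still needs a restart to pick up the new state.
    - name: Reboot only when the module reports it is needed
      reboot:
        reboot_timeout: 1800          # assumed value; allow for a slow first boot
      when: selinux_result.reboot_required

    # Check the running mode, not just the config file.
    - name: Read the running SELinux mode
      command: getenforce
      register: getenforce_out        # hypothetical variable name
      changed_when: false

    - name: Fail if the host is not actually enforcing
      assert:
        that:
          - getenforce_out.stdout == "Enforcing"
        fail_msg: "SELinux running mode is {{ getenforce_out.stdout }}"
```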